Lucene search
+L

15324 matches found

Nuclei
Nuclei
added 10 hours ago3 views

NVIDIA Triton Inference Server <= 26.02 - Authentication Bypass

NVIDIA Triton Inference Server contains an authentication bypass vulnerability, letting attackers bypass authentication and potentially execute code, escalate privileges, tamper data, cause denial of service, or disclose information, exploit requires no special conditions. id: CVE-2026-24207 info...

9.8CVSS5.3AI score0.02166EPSS
Exploits2References2
Nuclei
Nuclei
added 10 hours ago16 views

ShortCode Addons - Unauthenticated Options Update

WordPress plugin Shortcode Addons = 3.0.2 contains an unauthenticated arbitrary option update caused by insufficient access controls in the plugin, letting attackers modify options without authentication. id: CVE-2022-34487 info: name: ShortCode Addons - Unauthenticated Options Update author:...

9.8CVSS5.8AI score0.02654EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago74 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. id: CVE-2021-40970 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

6.1CVSS6.3AI score0.02204EPSS
Exploits1References4
Cvelist
Cvelist
added 2 days ago43 views

CVE-2026-14960 CVE-2026-14960

Pegatron Tdelo64.sys improperly exposes privileged hardware access functionality through the \.\TdeIo device interface. IOCTL handlers including TDEIOCTLINDEXIOREAD and TDEIOCTLINDEXIOWRITE permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without...

0.00203EPSS
Exploits1References1
NVD
NVD
added 2 days ago8 views

CVE-2026-56699

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin...

10CVSS0.00351EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-56699 Wazuh Manager - NDJSON Injection in inventory_sync via Agent-Controlled DataValue.index

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin...

10CVSS0.00351EPSS
Exploits0References2
NVD
NVD
added 2 days ago8 views

CVE-2026-8919

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS0.00264EPSS
Exploits0References1
CVE
CVE
added 2 days ago12 views

CVE-2026-8919

CVE-2026-8919 affects ASUS GameSDK. A permissive cross-domain policy with untrusted domains could let a remote user induce a local UNC request to the application’s local service endpoint, exposing a local NTLM hash and enabling information disclosure, data tampering, or service disruption. The is...

7.2CVSS6.1AI score0.00264EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-44585

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS6.1AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 3 days ago6 views

CVE-2026-47471

NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service...

7.5CVSS0.00216EPSS
Exploits0References2
NVD
NVD
added 3 days ago3 views

CVE-2026-47473

NVIDIA TensorRT-LLM contains a vulnerability where an attacker could cause a write-what-where condition. A successful exploit of this vulnerability might lead to data tampering, denial of service, and information disclosure...

7.4CVSS0.00129EPSS
Exploits0References2
NVD
NVD
added 3 days ago3 views

CVE-2026-24259

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

6.4CVSS0.00138EPSS
Exploits0References2
NVD
NVD
added 3 days ago3 views

CVE-2026-24233

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the restricted unpickler used for model weight deserialization, where a local, unauthenticated attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of...

8.4CVSS0.00263EPSS
Exploits0References2
NVD
NVD
added 3 days ago3 views

CVE-2026-24229

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, dat...

7.3CVSS0.00121EPSS
Exploits0References2
NVD
NVD
added 3 days ago3 views

CVE-2026-24226

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

6.3CVSS0.00119EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-48816 sigstore-js: Insufficient Verification of Data Authenticity

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.1.1, @sigstore/verify derives a transparency-log timestamp from tlogEntries.integratedTime for bundle v0.2 inclusionProof-only entries even though the inclusion proof path does not cryptographically bind...

6.5CVSS6.1AI score0.00158EPSS
Exploits0References6
NVD
NVD
added 3 days ago4 views

CVE-2026-50526

Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...

7CVSS0.00159EPSS
Exploits0References1
NVD
NVD
added 3 days ago3 views

CVE-2026-47481

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data...

6.5CVSS0.00258EPSS
Exploits0References2
CVE
CVE
added 3 days ago8 views

CVE-2026-24226

NVIDIA TensorRT-LLM for Linux (CVE-2026-24226) is affected; the vulnerability is described as improper control of code generation, potentially enabling code execution, data tampering, and information disclosure. The NVIDIA security bulletin lists affected versions 0.0 to v1.3.0rc12 with an update...

6.3CVSS6.1AI score0.00119EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-24226

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

6.3CVSS0.00119EPSS
Exploits0References2
Rows per page
Query Builder